General
-
Target
2024-08-17_3bbfb93f993700aa5e61a6f9325770f7_hijackloader_ryuk
-
Size
4.2MB
-
Sample
240817-qppxaaxflc
-
MD5
3bbfb93f993700aa5e61a6f9325770f7
-
SHA1
cd2d1a4448a900f741777f309a840bd9c2098398
-
SHA256
8ba6b417906b0227b61a992abe7ea80c5980abaa85afb30e0af455c02f330045
-
SHA512
2732af4a28f046016c9d33eef2e46e03d3474ff448c9e2b2a95d7a232c6b87df1741fa8e3a4e8ffe221297dd20c25e81c31e60fc55b93a2eaf2a87c06c563f47
-
SSDEEP
49152:9rmNs/SSnbbKE0bLUmI6ao5h+GjsY3ttr6cJzRIq4RBTkV2XNuBDGuMrkOwbFE10:u5sY3n6cJzR8Nfwa6
Malware Config
Extracted
F:\$RECYCLE.BIN\S-1-5-21-523280732-2327480845-3730041215-1000\RESTORE_FILES.txt
azov
Targets
-
-
Target
2024-08-17_3bbfb93f993700aa5e61a6f9325770f7_hijackloader_ryuk
-
Size
4.2MB
-
MD5
3bbfb93f993700aa5e61a6f9325770f7
-
SHA1
cd2d1a4448a900f741777f309a840bd9c2098398
-
SHA256
8ba6b417906b0227b61a992abe7ea80c5980abaa85afb30e0af455c02f330045
-
SHA512
2732af4a28f046016c9d33eef2e46e03d3474ff448c9e2b2a95d7a232c6b87df1741fa8e3a4e8ffe221297dd20c25e81c31e60fc55b93a2eaf2a87c06c563f47
-
SSDEEP
49152:9rmNs/SSnbbKE0bLUmI6ao5h+GjsY3ttr6cJzRIq4RBTkV2XNuBDGuMrkOwbFE10:u5sY3n6cJzR8Nfwa6
Score10/10-
Azov
A wiper seeking only damage, first seen in 2022.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-